Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

Managing System Logs

Oftentimes it is useful to log messages from scripts. This can be done using the logger command (usually found in /usr/bin). Without any options it takes the user name as the facility and "notice" as the priority. However, you can specify both a facility and a priority on the command line by using the -p option, for example:

logger -p kern.warning The kernel has been recompiled.

This would send the specified message to the same place other kernel messages are sent. For details on the other options, see the logger(1) man-page.

One common problem is what to do with all of the log messages. If you do a lot of logging (particularly if everything is sent to a central server), you can fill up your filesystem faster than you think. The most obvious and direct solution is to remove them after a specific length of time or when they reach a particular size.

It is a fairly simple matter to write a shell script that is started from cron, which looks at the log files and takes specific actions. The nice thing is that you do not have to. Linux provides this functionality for you in the form of the logrotate command.

As its name implies, the goal of the logrotate program is to "rotate" log files. This could be as simple as moving a log file to a different name and replacing the original with an empty file. However, there is much more to it.

Two files define how logrotate behaves. The state file (specified with the -s or --state option) basically tells logrotate when the last actions were taken. The default is /var/state/logrotate.

The configuration file tells logrotate when to rotate each of the respective files. If necessary, you can have multiple configuration files, which can all be specified on the same command line, or you can include configuration files within another one.

The logrotate configuration file is broken into two parts. At the beginning are the global configuration options, which apply to all log files. Next, there are the configuration sections for each of the individual files (the logfile definitions). Note that some options can be global or for a specific log file, in which case the logfile setting overrides the global option. However, there are some that can only be used within a logfile definition.

A very simple logrotate configuration file to rotate the /var/log/messages might look like this:

    errors root@logserver
    compress

    /var/log/messages {
        rotate 4
        weekly
        postrotate
            /sbin/killall -HUP syslogd
        endscript
    }

At the top are two global options, followed by a logfile definition for /var/log/messages. In this case, we could have included the global definitions within the log file definition. However, there is normally more than one logfile definition.

The first line says that all error messages are sent (mailed) to root at the logserver. The second line says that log files are to be compressed after they are rotated.

The logfile definition consists of the logfile name and the directives to apply, which are enclosed within curly brackets. The first line in the logfile definition says to rotate the log 4 times before it is removed. The next line says to rotate the files once a week. Together these two lines mean that any given copy of the /var/log/messages file will be saved for 4 weeks before it is removed.

The next three lines are actually a set. The postrotate directive says that what follows should be done immediately after the log file has been rotated. In this case, syslogd is sent a HUP signal to restart itself. There is also a prerotate directive, which has the same basic functionality, but does everything before the log is rotated.

It is also possible to specify an entire directory. For example, you could rotate all of the samba logs by specifying the directory /var/log/samba.d/*.

As I mentioned, you can also rotate logs based on their size. This is done by using the size= option. Setting size=100K would rotate logs larger than 100 Kb and 100M would rotate logs larger than 100 Mb.
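To make the mechanics of a rotate count combined with a size threshold concrete, here is an added shell sketch that is not part of the original tutorial and is not logrotate's own code. The function name rotate_log and its arguments are hypothetical, and the demo file is constructed in a temporary directory.

```shell
#!/bin/sh
# rotate_log FILE KEEP MAX_BYTES
# Illustration only: mimics "rotate KEEP" plus "size=MAX_BYTES" for one file.
rotate_log() {
    log=$1 keep=$2 max=$3
    [ -f "$log" ] || return 1

    # Rotate only when the file is larger than the threshold (like size=).
    size=$(($(wc -c < "$log")))
    [ "$size" -gt "$max" ] || return 0

    # Drop the oldest copy, then shift the others up: .3 -> .4, .2 -> .3, ...
    rm -f "$log.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$log.$prev" ] && mv "$log.$prev" "$log.$i"
        i=$prev
    done
    mv "$log" "$log.1"

    # Replace the original with an empty file that is not world-readable,
    # comparable to the "create mode owner group" option (mode 640 here).
    ( umask 027; : > "$log" )

    # A real setup would now run the postrotate step (for example sending
    # HUP to syslogd), because the daemon still has the old file open.
}

# Demo on a constructed log file in a temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed sample line one\nconstructed sample line two\n' \
    > "$demo_dir/messages"
rotate_log "$demo_dir/messages" 4 10
ls -l "$demo_dir"
rm -rf "$demo_dir"
```

With KEEP set to 4, the fifth rotation is the first one that deletes data, which is why the retention period equals the rotate count multiplied by the rotation interval.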

Although you can ease the management of your log files with just the options we discussed, there are an incredible number of additional options which you can use. Table 3 contains a list of options you can use with a brief explanation. For more details see the logrotate(1) man-page.

Table 1
local0 through local7.

The facility "security" should no longer be used, and the "mark" facility is used internally and should not be used within applications. The facilities local0 through local7 are intended for local events on your local system when there is no other applicable facility.

Table 2 - Syslogd Priorities in increasing significance
warning or warn
err or error
emerg or panic

The priorities error, warn and panic are deprecated and should no longer be used.

Table 3 - logrotate options

compress/nocompress - compresses or does not compress old versions of logs.

delaycompress - Wait until the next cycle to compress the previous log.

create mode owner group - Log file is recreated with this mode, owner and group. (nocreate overrides this.)

daily, weekly, monthly - Rotate logs in the indicated interval.

errors address - Send errors to the address indicated.

ifempty - Rotate the logs even if they are empty. (notifempty overrides this.)

include file_or_directory - Include the indicated file at this point. If a directory is given, all real files in that directory are read.

mail address - Logs rotated out of existence are mailed to this address. (nomail overrides this.)

olddir directory - Old logs are moved to this directory, which must be on the same physical device. (noolddir overrides this.)

postrotate/endscript - Delimits commands run after the log is rotated. Both must appear on a line by themselves.

prerotate/endscript - Delimits commands run before the log is rotated. Both must appear on a line by themselves.

rotate count - Rotates the log count times before being removed.

size size - Log files greater than size are removed.

tabooext [+] list - list of files not to include. A plus-sign means the files are added to the list rather than replacing it.


Copyright 2002-2009 by James Mohr. Licensed under modified GNU Free Documentation License (Portions of this material originally published by Prentice Hall, Pearson Education, Inc). See here for details. All rights reserved.